[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Bikeshed: configuration override order

From: Greg Hudson <ghudson_at_MIT.EDU>
Date: Tue, 10 Aug 2010 14:57:14 -0400

On Tue, 2010-08-10 at 14:24 -0400, C. Michael Pilato wrote:
> The foremost bit of client configuration that CollabNet's Subversion
> customers are demanding (besides auto-props, which I think we all agree on)
> is a way for the server to set a policy which dictates that clients may not
> use plaintext or other insecure password storage mechanisms.

I don't expect anyone to consider my opinion blocking, but I think this
is a questionable area for any kind of software to delve into. I've
only seen this kind of client control in one other context (a branded
Jabber client), and never in an open source project. (*)

Lots and lots of clients are able to remember passwords: web browsers,
email clients, IM clients. Lots of central IT organizations (MIT's
included) don't like this feature and recommend that users not use it.
Lots of users do it anyway. I don't know of a single piece of
widely-used client software which allows the server to turn off password
memory.

(*) Actually, on consideration, there was some flap about the "okay to
print" flag in PDF documents, or something related to that. I can't
remember how it turned out.
Received on 2010-08-10 20:57:59 CEST

This is an archived mail posted to the Subversion Dev mailing list.